Is Mobile Banking Actually Secure?

Mobile banking has arguably done more to simplify financial management than any other process or platform in the market. For some, checking balances is as easy as opening an app and tapping an arrow to see a drop-down table listing available balances. The benefits of mobile banking are numerous, and retaining control of one’s finances is more accessible than ever. However, consumers are still wary of this technology and its possible security flaws. According to a report released by the Federal Reserve in 2016, “concern about the security of the technology was a common reason given for not using mobile banking or mobile payments (73 percent and 67 percent, respectively, of non-users)”.

With such an overwhelming statistic given as the reason for not utilizing the mobile banking platform, it raises the question: How safe is mobile banking? Well, let’s find out.

To put it simply: Yes, mobile banking is secure*. Here are some of the reasons why.

(*Please bear in mind that security offerings differ between financial institutions. If you determine your financial institution to be missing some of the features below, you may want to consider changing institutions if mobile banking security is important to you.)

Common Industry Security Standards:

A number of security measures are common across financial institutions and help provide a sturdy foundation for secure mobile banking. These measures include either SMS or email verification codes for first-time users that help to provide an additional layer of authentication. Even if a hacker obtains your log-in credentials, many institutions can recognize an unusual log-in attempt and will send a verification code that must be accessed from a user-verified channel in order to authenticate the log-in attempt. Otherwise, the hacker is out of luck.

Encryption is absolutely essential for banking security, and you’ll find many institutions have done well at ensuring this measure is provided. 128-bit encryption is the standard go-to; having this feature ensures all data that is transmitted through the app is protected from snooping eyes. Aside from this, a number of other measures exist. Automatic timeouts ensure no one can access your account if you’ve been inactive for a set period of time. Apps refrain from storing data on the user’s phone so that no data can be obtained physically from the phone’s storage. And in the case where fraud does occur, many banks offer a Security Guarantee in which any fraudulent charges will be reimbursed if reported within the designated time limit (often 60 days).

With some of the more common features out of the way, let’s look at some more innovative examples of how banks are protecting the security of mobile users. Perhaps the most ubiquitous security measure is multi-factor authentication. For example, Frost Bank, based in Texas, has a 4-digit PIN code, unique to the mobile platform, that has to be entered in order to access the app. Likewise, Capital One has SureSwipe, where customers make a unique swipe pattern with their finger to log in. Capital One also sends purchase notifications and risk-based alerts from their Wallet app that help ensure you’re aware of any unusual activity.

Card controls are becoming more prevalent within mobile apps. Imagine: you’ve lost your wallet and are worried about fraudulent charges being posted to your debit card. Well, banks such as First National Bank allow their mobile app users to disable the card from the app. Though not necessarily mobile banking security, it is an example of a measure banks are taking to protect customer security through a variety of methods.

Now here’s a feature that is straight out of a spy movie from the ’70s: biometric authentication. It is more likely known by its patented name, Touch ID. Using your fingerprint, which is unique to you, as a way to quickly and securely log in is the ultimate blend of convenience and security. Critics are quick to point out that fingerprints can be stolen just the same as passwords but cannot be changed. This is certainly true, so remember to use other forms of authentication when available. Other biometric features include visual and voice banking, which provide a multi-faceted authentication strategy, such as what USAA offers. Imagine being in a loud room that drowns out your voice and prevents your phone’s microphone from registering it, or in a dark place that prevents visual authentication from occurring. In that case, the mobile app will rely on the next available authentication measure.

High-risk actions such as adding a payee through mobile are often subject to authentication measures, such as the SMS code Wells Fargo issues in order to perform this action. Bank of the West allows for easy disabling of the phone’s mobile app from their online banking system should the phone be lost. And many mobile apps are adding robust alerts to ensure users are aware of any suspicious activity, thereby putting the security in the hands of the users, such as Bank of America’s updated app. Aside from this, look for mobile banking apps that automatically scan for unusual activity and prompt authentication, and also rely on device recognition and location-based security as further security controls to keep fraudsters from accessing your account.
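
An added example, not code from any bank named in this article: a minimal sketch of the flow described above, where an unrecognized device, an unusual location or a high-risk action (such as adding a payee) triggers a one-time code sent over a user-verified channel. The account model, limits and function names are assumptions made for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field

CODE_TTL_SECONDS = 300               # assumed lifetime of a one-time code
MAX_ATTEMPTS = 3                     # assumed limit on wrong guesses per code
HIGH_RISK_ACTIONS = {"add_payee"}    # the article's example of a high-risk action

@dataclass
class Account:
    known_devices: set
    usual_countries: set
    pending: dict = field(default_factory=dict)  # action -> [code, expiry, attempts_left]

def needs_step_up(account, device_id, country, action):
    """Return the reasons (if any) this request must be confirmed with a code."""
    reasons = []
    if device_id not in account.known_devices:
        reasons.append("unrecognized device")
    if country not in account.usual_countries:
        reasons.append("unusual location")
    if action in HIGH_RISK_ACTIONS:
        reasons.append("high-risk action")
    return reasons

def issue_code(account, action, now=None):
    """Create a 6-digit code to deliver over the verified SMS or email channel."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"   # drawn from a CSPRNG
    account.pending[action] = [code, now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
    return code

def verify_code(account, action, submitted, now=None):
    """Single-use, time-limited, attempt-limited check with constant-time compare."""
    now = time.time() if now is None else now
    entry = account.pending.get(action)
    if entry is None:
        return False
    code, expiry, attempts_left = entry
    if now > expiry or attempts_left <= 0:
        del account.pending[action]            # expired or guessed too often
        return False
    if hmac.compare_digest(code.encode(), submitted.encode()):
        del account.pending[action]            # a code works only once
        return True
    entry[2] -= 1                              # count the wrong guess
    return False
```
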

As a final note, though banks are doing more by the minute to protect your account, the ultimate responsibility lies in your hands. Technology is not without its flaws, so as a mobile banking user there are a number of measures you can take to protect your finances. Never share any personal data, including account number, banking log-in, or any other information that can compromise your account. Log yourself out whenever you are done banking. Though many platforms do this for you automatically, it’s still better to be safe than sorry. Use a strong, long, multi-character password that relies on a unique combination of letters, numbers, and symbols, and is not easily guessed. Don’t share your mobile device with strangers, and ensure your device is locked when not in use. Always ensure your device and app are equipped with the latest updates. Avoid using mobile banking over an unsecured network such as public WiFi. Consider using a digital wallet (e.g., Apple Pay) for greater security from fraudsters looking to access your account. Ensure the mobile banking app you download is the correct app released by your financial institution; often the name of the publisher should suffice here. Avoid websites that aren’t protected by encryption (think https://) when submitting sensitive information. And lastly, if you receive suspicious correspondence of any kind, be it email or text or a phone call, don’t respond. Your bank likely has a secure method for contacting you if necessary and will not solicit your personal information. If you receive such correspondence, report it immediately to your bank so they can investigate it.

With the right precautions, such as those listed above, mobile banking is as secure as it needs to be to protect your data. In fact, it is oftentimes just as secure as online banking, if not more so. Using due diligence when choosing a financial institution that offers strong security measures and learning best practices in protecting your personal data can help ensure a pleasant and convenient mobile banking experience with minimal risk to your financial safety.